wolfSSL · JacobBarthelmeh · Dec 9, 2023 · Dec 5, 2023 · Dec 6, 2023 · Dec 7, 2023
diff --git a/doc/dox_comments/header_files/aes.h b/doc/dox_comments/header_files/aes.h
@@ -658,6 +658,82 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
                                    const byte* authTag, word32 authTagSz,
                                    const byte* authIn, word32 authInSz);
 
+/*!
+    \ingroup AES
+
+    \brief This is to initialize an AES-XTS context. It is up to user to call
+    wc_AesXtsFree on aes key when done.
+
+    \return 0 Success
+
+    \param aes   AES keys for encrypt/decrypt process
+    \param heap  heap hint to use for memory. Can be NULL
+    \param devId id to use with async crypto. Can be 0
+
+    _Example_
+    \code
+    XtsAes aes;
+
+    if(wc_AesXtsInit(&aes, NULL, 0) != 0)
+    {
+        // Handle error
+    }
+    if(wc_AesXtsSetKeyNoInit(&aes, key, sizeof(key), AES_ENCRYPTION) != 0)
+    {
+        // Handle error
+    }
+    wc_AesXtsFree(&aes);
+    \endcode
+
+    \sa wc_AesXtsSetKey
+    \sa wc_AesXtsSetKeyNoInit
+    \sa wc_AesXtsEncrypt
+    \sa wc_AesXtsDecrypt
+    \sa wc_AesXtsFree
+*/
+int wc_AesXtsInit(XtsAes* aes, void* heap, int devId);
+
+
+/*!
+    \ingroup AES
+
+    \brief This is to help with setting keys to correct encrypt or decrypt type,
+    after first calling wc_AesXtsInit(). It is up to user to call wc_AesXtsFree
+    on aes key when done.
+
+    \return 0 Success
+
+    \param aes   AES keys for encrypt/decrypt process
+    \param key   buffer holding aes key | tweak key
+    \param len   length of key buffer in bytes. Should be twice that of
+    key size.
+                 i.e. 32 for a 16 byte key.
+    \param dir   direction, either AES_ENCRYPTION or AES_DECRYPTION
+
+    _Example_
+    \code
+    XtsAes aes;
+
+    if(wc_AesXtsInit(&aes, NULL, 0) != 0)
+    {
+        // Handle error
+    }
+    if(wc_AesXtsSetKeyNoInit(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0)
+       != 0)
+    {
+        // Handle error
+    }
+    wc_AesXtsFree(&aes);
+    \endcode
+
+    \sa wc_AesXtsEncrypt
+    \sa wc_AesXtsDecrypt
+    \sa wc_AesXtsFree
+*/
+int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key,
+         word32 len, int dir);
+
+
 /*!
     \ingroup AES
 
@@ -686,6 +762,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
     wc_AesXtsFree(&aes);
     \endcode
 
+    \sa wc_AesXtsInit
+    \sa wc_AesXtsSetKeyNoInit
     \sa wc_AesXtsEncrypt
     \sa wc_AesXtsDecrypt
     \sa wc_AesXtsFree
@@ -726,6 +804,8 @@ int wc_AesXtsSetKey(XtsAes* aes, const byte* key,
 
     \sa wc_AesXtsEncrypt
     \sa wc_AesXtsDecrypt
+    \sa wc_AesXtsInit
+    \sa wc_AesXtsSetKeyNoInit
     \sa wc_AesXtsSetKey
     \sa wc_AesXtsFree
 */
@@ -765,6 +845,8 @@ int wc_AesXtsEncryptSector(XtsAes* aes, byte* out,
 
     \sa wc_AesXtsEncrypt
     \sa wc_AesXtsDecrypt
+    \sa wc_AesXtsInit
+    \sa wc_AesXtsSetKeyNoInit
     \sa wc_AesXtsSetKey
     \sa wc_AesXtsFree
 */
@@ -805,6 +887,8 @@ int wc_AesXtsDecryptSector(XtsAes* aes, byte* out,
     \endcode
 
     \sa wc_AesXtsDecrypt
+    \sa wc_AesXtsInit
+    \sa wc_AesXtsSetKeyNoInit
     \sa wc_AesXtsSetKey
     \sa wc_AesXtsFree
 */
@@ -844,6 +928,8 @@ int wc_AesXtsEncrypt(XtsAes* aes, byte* out,
     \endcode
 
     \sa wc_AesXtsEncrypt
+    \sa wc_AesXtsInit
+    \sa wc_AesXtsSetKeyNoInit
     \sa wc_AesXtsSetKey
     \sa wc_AesXtsFree
 */
@@ -872,6 +958,8 @@ int wc_AesXtsDecrypt(XtsAes* aes, byte* out,
 
     \sa wc_AesXtsEncrypt
     \sa wc_AesXtsDecrypt
+    \sa wc_AesXtsInit
+    \sa wc_AesXtsSetKeyNoInit
     \sa wc_AesXtsSetKey
 */
 int wc_AesXtsFree(XtsAes* aes);

diff --git a/doc/dox_comments/header_files/cmac.h b/doc/dox_comments/header_files/cmac.h
@@ -23,6 +23,8 @@
     \sa wc_InitCmac_ex
     \sa wc_CmacUpdate
     \sa wc_CmacFinal
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFree
 */
 int wc_InitCmac(Cmac* cmac,
                 const byte* key, word32 keySz,
@@ -55,6 +57,8 @@ int wc_InitCmac(Cmac* cmac,
     \sa wc_InitCmac_ex
     \sa wc_CmacUpdate
     \sa wc_CmacFinal
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFree
 */
 int wc_InitCmac_ex(Cmac* cmac,
                 const byte* key, word32 keySz,
@@ -75,29 +79,74 @@ int wc_InitCmac_ex(Cmac* cmac,
 
     \sa wc_InitCmac
     \sa wc_CmacFinal
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFree
 */
 int wc_CmacUpdate(Cmac* cmac,
                   const byte* in, word32 inSz);
 
+
 /*!
     \ingroup CMAC
-    \brief Generate the final result using Cipher-based Message Authentication Code
+    \brief Generate the final result using Cipher-based Message Authentication Code, deferring context cleanup.
     \return 0 on success
     \param cmac pointer to the Cmac structure
     \param out pointer to return the result
     \param outSz pointer size of output (in/out)
 
     _Example_
     \code
-    ret = wc_CmacFinal(cmac, out, &outSz);
+    ret = wc_CmacFinalNoFree(cmac, out, &outSz);
+    (void)wc_CmacFree(cmac);
     \endcode
 
     \sa wc_InitCmac
     \sa wc_CmacFinal
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFree
 */
-int wc_CmacFinal(Cmac* cmac,
+int wc_CmacFinalNoFree(Cmac* cmac,
                  byte* out, word32* outSz);
 
+/*!
+    \ingroup CMAC
+    \brief Generate the final result using Cipher-based Message Authentication Code, and clean up the context with wc_CmacFree().
+    \return 0 on success
+    \param cmac pointer to the Cmac structure
+    \param out pointer to return the result
+    \param outSz pointer size of output (in/out)
+
+    _Example_
+    \code
+    ret = wc_CmacFinal(cmac, out, &outSz);
+    \endcode
+
+    \sa wc_InitCmac
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFree
+*/
+int wc_CmacFinalNoFree(Cmac* cmac);
+
+/*!
+    \ingroup CMAC
+    \brief Clean up allocations in a CMAC context.
+    \return 0 on success
+    \param cmac pointer to the Cmac structure
+
+    _Example_
+    \code
+    ret = wc_CmacFinalNoFree(cmac, out, &outSz);
+    (void)wc_CmacFree(cmac);
+    \endcode
+
+    \sa wc_InitCmac
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFinal
+    \sa wc_CmacFree
+*/
+int wc_CmacFree(Cmac* cmac);
+
 /*!
     \ingroup CMAC
     \brief Single shot function for generating a CMAC

diff --git a/src/quic.c b/src/quic.c
@@ -1055,6 +1055,7 @@ size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER* aead_cipher)
         ret = 0;
     }
 
+    (void)wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif

diff --git a/src/ssl.c b/src/ssl.c
@@ -29665,6 +29665,8 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
 end:
 
     (void)wc_HmacFree(&hmacCtx.hmac);
+    (void)wolfSSL_EVP_CIPHER_CTX_cleanup(evpCtx);
+
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(evpCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif

diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c
@@ -2079,14 +2079,10 @@ WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void)
     ctx = (WOLFSSL_CMAC_CTX*)XMALLOC(sizeof(WOLFSSL_CMAC_CTX), NULL,
         DYNAMIC_TYPE_OPENSSL);
     if (ctx != NULL) {
-        /* Allocate memory for wolfSSL CMAC object. */
-        ctx->internal = (Cmac*)XMALLOC(sizeof(Cmac), NULL, DYNAMIC_TYPE_CMAC);
-        if (ctx->internal == NULL) {
-            XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx = NULL;
-        }
-    }
-    if (ctx != NULL) {
+        /* Memory for wolfSSL CMAC object is allocated in
+         * wolfSSL_CMAC_Init().
+         */
+        ctx->internal = NULL;
         /* Allocate memory for EVP cipher context object. */
         ctx->cctx = wolfSSL_EVP_CIPHER_CTX_new();
         if (ctx->cctx == NULL) {
@@ -2110,9 +2106,13 @@ void wolfSSL_CMAC_CTX_free(WOLFSSL_CMAC_CTX *ctx)
     if (ctx != NULL) {
         /* Deallocate dynamically allocated fields. */
         if (ctx->internal != NULL) {
+#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+            wc_CmacFree((Cmac*)ctx->internal);
+#endif
             XFREE(ctx->internal, NULL, DYNAMIC_TYPE_CMAC);
         }
         if (ctx->cctx != NULL) {
+            wolfSSL_EVP_CIPHER_CTX_cleanup(ctx->cctx);
             wolfSSL_EVP_CIPHER_CTX_free(ctx->cctx);
         }
         /* Deallocate CMAC context object. */
@@ -2167,22 +2167,37 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keySz,
     /* Only AES-CBC ciphers are supported. */
     if ((ret == 1) && (cipher != EVP_AES_128_CBC) &&
             (cipher != EVP_AES_192_CBC) && (cipher != EVP_AES_256_CBC)) {
+        WOLFSSL_MSG("wolfSSL_CMAC_Init: requested cipher is unsupported");
         ret = 0;
     }
     /* Key length must match cipher. */
     if ((ret == 1) && ((int)keySz != wolfSSL_EVP_Cipher_key_length(cipher))) {
+        WOLFSSL_MSG("wolfSSL_CMAC_Init: "
+                    "supplied key size doesn't match requested cipher");
         ret = 0;
     }
 
+    if ((ret == 1) && (ctx->internal == NULL)) {
+        /* Allocate memory for wolfSSL CMAC object. */
+        ctx->internal = (Cmac*)XMALLOC(sizeof(Cmac), NULL, DYNAMIC_TYPE_CMAC);
+        if (ctx->internal == NULL)
+            ret = 0;
+    }
+
     /* Initialize the wolfCrypt CMAC object. */
     if ((ret == 1) && (wc_InitCmac((Cmac*)ctx->internal, (const byte*)key,
             (word32)keySz, WC_CMAC_AES, NULL) != 0)) {
+        WOLFSSL_MSG("wolfSSL_CMAC_Init: wc_InitCmac() failed");
+        XFREE(ctx->internal, NULL, DYNAMIC_TYPE_CMAC);
+        ctx->internal = NULL;
         ret = 0;
     }
     if (ret == 1) {
         /* Initialize the EVP cipher context object for encryption. */
         ret = wolfSSL_EVP_CipherInit(ctx->cctx, cipher, (const byte*)key, NULL,
             1);
+        if (ret != WOLFSSL_SUCCESS)
+            WOLFSSL_MSG("wolfSSL_CMAC_Init: wolfSSL_EVP_CipherInit() failed");
     }
 
     WOLFSSL_LEAVE("wolfSSL_CMAC_Init", ret);
@@ -2237,7 +2252,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len)
 
     WOLFSSL_ENTER("wolfSSL_CMAC_Final");
 
-    /* Valiudate parameters. */
+    /* Validate parameters. */
     if (ctx == NULL) {
         ret = 0;
     }
@@ -2268,6 +2283,9 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len)
         else if (len != NULL) {
             *len = (size_t)len32;
         }
+
+        XFREE(ctx->internal, NULL, DYNAMIC_TYPE_CMAC);
+        ctx->internal = NULL;
     }
 
     WOLFSSL_LEAVE("wolfSSL_CMAC_Final", ret);
@@ -2899,7 +2917,7 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out,
 
 #ifdef OPENSSL_EXTRA
 
-#ifndef NO_AES
+#if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
 
 /* Sets the key into the AES key object for encryption or decryption.
  *
@@ -3408,7 +3426,7 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
     return len;
 }
 #endif /* HAVE_CTS */
-#endif /* NO_AES */
+#endif /* !NO_AES && !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
 #endif /* OPENSSL_EXTRA */
 
 /*******************************************************************************